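I am learning Spring Security. I developed an application that authenticates through CAS. I started from the example in this tutorial: https://www.baeldung.com/spring-security-cas-sso.
The content of the WebSecurity configuration file is: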
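import java.util.Collections;

import org.jasig.cas.client.session.SingleSignOutFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutFilter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

    private SingleSignOutFilter singleSignOutFilter;
    private LogoutFilter logoutFilter;
    private CasAuthenticationProvider casAuthenticationProvider;
    private ServiceProperties serviceProperties;

    @Autowired
    public WebSecurityConfig(SingleSignOutFilter singleSignOutFilter, LogoutFilter logoutFilter,
                             CasAuthenticationProvider casAuthenticationProvider,
                             ServiceProperties serviceProperties) {
        this.logoutFilter = logoutFilter;
        this.singleSignOutFilter = singleSignOutFilter;
        this.serviceProperties = serviceProperties;
        this.casAuthenticationProvider = casAuthenticationProvider;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require authentication for /secured and /login; unauthenticated
        // requests are sent to the CAS entry point defined below.
        http.authorizeRequests().antMatchers("/secured", "/login").authenticated()
            .and()
            .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
            .and()
            .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
            .addFilterBefore(logoutFilter, LogoutFilter.class)
            // The CAS single-logout callback is exempt from CSRF checks.
            .csrf().ignoringAntMatchers("/exit/cas");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(casAuthenticationProvider);
    }

    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return new ProviderManager(Collections.singletonList(casAuthenticationProvider));
    }

    // Redirects unauthenticated users to the CAS login page.
    public AuthenticationEntryPoint authenticationEntryPoint() {
        CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
        entryPoint.setLoginUrl("http://cas-docker:7080/cas/login");
        entryPoint.setServiceProperties(serviceProperties);
        return entryPoint;
    }
}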
The content of the Spring application file is:
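import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

@SpringBootApplication
public class CasSecuredApplication extends SpringBootServletInitializer {

    private static final Logger logger = LoggerFactory.getLogger(CasSecuredApplication.class);

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(CasSecuredApplication.class);
    }

    public static void main(String... args) {
        SpringApplication.run(CasSecuredApplication.class, args);
    }

    @Bean
    public CasAuthenticationFilter casAuthenticationFilter(
            AuthenticationManager authenticationManager,
            ServiceProperties serviceProperties) throws Exception {
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setServiceProperties(serviceProperties);
        return filter;
    }

    @Bean
    public ServiceProperties serviceProperties() {
        logger.info("service properties");
        ServiceProperties serviceProperties = new ServiceProperties();
        // Service URL sent to CAS; CAS redirects back here with the ticket.
        serviceProperties.setService("https://tomcat-docker:8443/cas-secured-app-0.0.1-SNAPSHOT/login/cas");
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    @Bean
    public TicketValidator ticketValidator() {
        // Validates service tickets against the CAS server (CAS 3.0 protocol).
        return new Cas30ServiceTicketValidator("http://cas-docker:7080/cas");
    }

    @Bean
    public CasAuthenticationProvider casAuthenticationProvider(
            TicketValidator ticketValidator,
            ServiceProperties serviceProperties) {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setServiceProperties(serviceProperties);
        provider.setTicketValidator(ticketValidator);
        // Every validated principal is mapped to the same fixed user with ROLE_ADMIN.
        provider.setUserDetailsService(
            s -> new User("test@test.com", "Mellon", true, true, true, true,
                AuthorityUtils.createAuthorityList("ROLE_ADMIN")));
        provider.setKey("CAS_PROVIDER_LOCALHOST_8900");
        return provider;
    }

    @Bean
    public SecurityContextLogoutHandler securityContextLogoutHandler() {
        return new SecurityContextLogoutHandler();
    }

    @Bean
    public LogoutFilter logoutFilter() {
        LogoutFilter logoutFilter = new LogoutFilter("https://tomcat-docker:8443/logout", securityContextLogoutHandler());
        logoutFilter.setFilterProcessesUrl("/logout/cas");
        return logoutFilter;
    }

    @Bean
    public SingleSignOutFilter singleSignOutFilter() {
        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
        singleSignOutFilter.setLogoutCallbackPath("/exit/cas");
        singleSignOutFilter.setIgnoreInitConfiguration(true);
        return singleSignOutFilter;
    }
}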
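When I access /login, I am redirected to the CAS secured area. Then the login screen is displayed; I enter the name and password and click the login button. After that, CAS redirects to this URL: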
https://tomcat-docker:8443/cas-secured-app-0.0.1-SNAPSHOT/login/cas?ticket=ST-10-23dDew2ztSMwkbEXgtDC-9086a9962d01
After this, I get the following error:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Fri May 21 10:24:12 UTC 2021
There was an unexpected error (type=Internal Server Error, status=500).
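This link https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/cas.html mentions that the filter always listens for requests to /login/cas.
Why doesn't the filter listen on /login/cas and continue the validation process? Is something missing in the code?
Update:
The CAS server log shows the following: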
2021-05-21 12:43:56,544 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: casuser
WHAT: ST-18-snPFz6n5AdakHvBpROlf-9086a9962d01 for https://localhost:8443/login/cas
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri May 21 12:43:56 UTC 2021
CLIENT IP ADDRESS: 172.19.0.1
SERVER IP ADDRESS: 172.19.0.6
=============================================================
In the properties file, I set:
server.servlet.contextPath=/cas-secured-app-0.0.1-SNAPSHOT
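The CAS server is configured with the default configuration. I have not touched it.
Why does the CAS server say it is listening on https://localhost:8443/login/cas? Does the CAS server need to be configured?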
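
Added example, not part of the original question: in the CAS protocol a service ticket is bound to the service URL it was issued for, and ticket validation must present the same URL. The sketch below compares the service recorded in the audit entry above with the URL set in ServiceProperties and with the servlet context path; the class and method names are hypothetical, and the input values are copied from the post.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added diagnostic sketch; CasServiceUrlCheck and its methods are hypothetical names.
public class CasServiceUrlCheck {

    // WHAT line of a CAS audit record: "<service ticket> for <service URL>"
    private static final Pattern WHAT =
        Pattern.compile("^WHAT:\\s*(ST-\\S+)\\s+for\\s+(\\S+)\\s*$", Pattern.MULTILINE);

    /** Returns the service URL the ticket in the audit record was issued for. */
    static String issuedService(String auditRecord) {
        Matcher m = WHAT.matcher(auditRecord);
        if (!m.find()) throw new IllegalArgumentException("no WHAT line with a service ticket");
        return m.group(2);
    }

    /** Lists each URL component where the issued and configured service differ. */
    static List<String> mismatches(String issued, String configured, String contextPath) {
        URI a = URI.create(issued), b = URI.create(configured);
        List<String> out = new ArrayList<>();
        if (!a.getScheme().equalsIgnoreCase(b.getScheme()))
            out.add("scheme: " + a.getScheme() + " vs " + b.getScheme());
        if (!a.getHost().equalsIgnoreCase(b.getHost()))
            out.add("host: " + a.getHost() + " vs " + b.getHost());
        if (a.getPort() != b.getPort())
            out.add("port: " + a.getPort() + " vs " + b.getPort());
        if (!a.getPath().equals(b.getPath()))
            out.add("path: " + a.getPath() + " vs " + b.getPath());
        // CasAuthenticationFilter processes /login/cas relative to the context path by default.
        String expectedPath = contextPath + "/login/cas";
        if (!b.getPath().equals(expectedPath))
            out.add("configured path is not " + expectedPath);
        return out;
    }

    public static void main(String[] args) {
        // Inputs copied from the audit record, serviceProperties() and the properties file.
        String record = String.join("\n",
            "WHO: casuser",
            "WHAT: ST-18-snPFz6n5AdakHvBpROlf-9086a9962d01 for https://localhost:8443/login/cas",
            "ACTION: SERVICE_TICKET_CREATED");
        String configured = "https://tomcat-docker:8443/cas-secured-app-0.0.1-SNAPSHOT/login/cas";
        String contextPath = "/cas-secured-app-0.0.1-SNAPSHOT";
        mismatches(issuedService(record), configured, contextPath).forEach(System.out::println);
    }
}
```

With the values from the post it reports a host difference (localhost vs tomcat-docker) and a path difference (/login/cas vs /cas-secured-app-0.0.1-SNAPSHOT/login/cas) between the logged ticket and the configured service.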